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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time maybe available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )IEI Responsive to communication(s) filed on 28 April 2011 . 
2a)M This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^3 Claim(s) 1 and 3-26 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) M Claim(s) 1 and 3-26 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. §119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)DAII b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1 and 3-26 remain for examination. 



Response to Arguments 

2. Applicant's arguments filed 4/28/1 1 have been fully considered but they are not 
persuasive. First, contrary to Applicant's assertion, claim 26 was quite clearly rejected 
in the previous Office Action, as Gong teaches that limitation at col. 1 1 , line 40-67 (see 
the Office Action of 3/2/1 1 , page 6, last paragraph: "Regarding claim 26"). Therefore, 
Applicant's arguments protesting the finality of this Office Action are displaced and non- 
persuasive, and the finality of this Action is proper. 

3. Regarding the rejections under 35 USC 1 01 , Applicant argues: 

Applicant notes that the instant Office Action rejects Claims 17-25 under the assertion 
that it is within the scope of the disclosure that Claims 17-25 are directed toward a 
transitory propagating signal per se, and are thus non-statutory. However, Applicant 
respectfully submits that the specification describes only statutory embodiments of a 
computer readable medium and is silent with respect to any non-statutory embodiments 
of a computer readable medium. Therefore, Applicant respectfully submits that Claims 
17-25, when reasonably interpreted consistent with the specification, are directed toward 
statutory subject matter, and thus overcome the instant rejection under 35 U.S.C.§ 1 01 . 

Examiner disagrees. The one and only teaching provided by the instant 
specification regarding computer-readable media is found on page 16 of the instant 
specification, paragraph 0070, reprinted with emphasis by the Examiner: 

[0073] FIGS. 3A and 3B depict a flowchart 300 for enforcing protection in a computer 
system by decoupling protection from privilege according to embodiments of the present 
invention. Although specific operations are disclosed in flowchart 300, such operations 
are exemplary. That is, embodiments of the present invention are well suited to 
performing various other operations or variations of the operations recited in flowchart 
300. It is appreciated that the operations in flowchart 300 may be performed in an order 
different than presented, and that not all of the operations in flowchart 300 may be 
performed. All of, or a portion of, the embodiments described by flowchart 300 can 
be implemented using computer-readable and computer-executable instructions 
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which reside, for example, in computer-usable media of a computer system or like 
device . 

Clearly, the instant application only recites that the invention may reside on a 
computer-usable medium; it says nothing regarding the nature of said computer-usable 
medium, which is exactly the issue that the USPTO directive quoted by the Applicant is 
designed to address. Examiner utterly fails to see how this one recitation could possibly 
be read to exclude signal embodiments, as alleged by the Applicant. Examiner 
respectfully solicits the Applicant to either produce that portion of the instant 
specification (as originally written) that further limits "computer-usable medium" to the 
statutory embodiments, or amend the claims as initially suggested by the Examiner to 
read only on "non-transitory" computer readable media. 

4. In response to Applicant's arguments traversing the rejections of the claims 
under 35 USC 103(a), the Examiner notes that Applicant has made an assumption that 
those of ordinary skill in the art would recognize as fundamentally flawed: Applicant has 
naively assumed that in order for one to have the ability to load code from a remote 
resource on a network, said code must be an instance of an object-oriented [00] class 
(see the amendment of 4/28/1 1 , page 1 1 , 5 th paragraph; page 1 5, last paragraph; page 
1 6, last paragraph; etc.). This is incorrect, as those of ordinary skill in the art were fully 
aware of alternative means to achieve the equivalent effect; one such non-limiting 
example would be through the use of Remote Procedure Calls (RPCs), as evidenced by 
the Marshall reference enclosed herein. For example, programmers of ordinary skill in 
the art had long had the ability to write programs in C (a non-object oriented 
programming language) to pass code and data objects between a client and a server in 
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much the same way that the classes disclosed by Gong's Java embodiment operated, 
as per the various citations made by the Applicant in his amendment. 

Although the Applicant has clearly read the Gong reference, his repetitious 
analysis betrays only the most cursory, superficial understanding of Gong's disclosure. 
The problem that Gong was trying to solve was that there are inherent security issues in 
allowing code from remote sources to operate unfettered on one's machine; and 
previous attempts to place security restrictions on remote code, such as by sandboxing 
(e.g. col. 2, lines 1 -30) were felt to be sub-optimal, thus leading Gong to try his 
approach of establishing protection domains. The problem with Applicant's assumption 
that Gong's use of protection domains implies that the code being managed must be 
object-oriented in nature (amendment, pages 12-16) is that it logically follows that non- 
object oriented code would have none of the security issues identified by Gong in 
columns 1 & 2; if that were the case, then an easier solution from what Gong discloses 
would be to simply not use Java or any object-oriented language to write one's code in 
the first place. Note that at no point in Gong's description of the problems that he 
solves (columns 1 & 2, Ibid) does he ever limit them to being pertinent only to object- 
oriented code; to the contrary, people of ordinary skill in the art would recognize the 
security issues in remote code execution would exist regardless of what programming 
language the remote code was written in. And as noted previously, while Gong clearly 
prefers Java as his language of choice - Java being well known as an object-oriented 
language wherein by design every program is a series of one or more classes - 
nevertheless it does not follow that because his specific example teaches the use of 
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classes, that the only permissible variations of his improved protection for remote code 
must also be classes from an object oriented language. The fact that Gong chose Java 
dictated his use of classes in the preferred embodiment of his invention; not the other 
way around, as alleged by the Applicant. Gong teaches that all manner of variations of 
his invention are possible (col. 4, lines 15-20; and col. 13, lines 23-30); and since those 
of ordinary skill in the art knew that remote code is not inherently limited to object 
oriented classes, the mere fact that this is possible is enough to suggest Applicant's soft 
limitation "wherein said portions of code are not required to be associated with one or 
more object oriented classes". 



Claim Rejections - 35 USC §101 

5. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

6. Claims 17-25 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. The claims are directed toward a "computer- 
usable medium", which, absent a specific definition in the instant specification, is 
understood to encompass such ephemeral media as optical or electromagnetic signals 
on carrier waves. These transitory types of computer-usable media are non-statutory; 
however the Examiner respectfully suggests that the rejections can be overcome by 
amending the claims to recite a "non-transitory" computer-usable media, thus limiting 
the scope of the claims to statutory subject matter. 
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Claim Rejections - 35 USC § 103 

7. Claims 1 and 3-26 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gong (U.S. Patent 6,1 25,447) in view of "The C Book - Structures" (hereinafter, 
"GBDirect"). 

Regarding claims 1,12, and 1 7: 

Gong discloses a method, computer system and computer readable medium for 
providing flexible protection by decoupling protection from privilege, comprising: 
enabling receipt of information describing two or more types of protection (col. 8 line 40 
- col. 9, line 37); enabling receipt of information describing a relationship between said 
two or more types of protection and portions of code that are executed in a same 
privilege level of the computer system, where said relationship is not required to be 
linear (Ibid; and col. 9, lines 40-53); and enabling the association of said information 
describing two or more types of protection and said information describing said 
relationship with said portions of code (Ibid, and col. 10, lines 57-62) wherein a first 
portion of code allowing a second portion of code to access the first portion of code 
does not depend on the second portion of code allowing the first portion of code to 
access the second portion of code (col. 1 2, line 40 - col. 1 3, line 1 0). Per claim 1 2, 
Gong further discloses a memory unit and processor (col. 4, lines 25-45). 

Gong's disclosure is limited to explicitly discussing the preferred embodiment 
wherein all the pertinent software is implemented as Java objects, Java being a well- 
known object-oriented programming language with classes (col. 6, line 45 - col. 7, line 
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60). However, Gong merely assumes that the object oriented requirement is true (Ibid, 
particularly col. 6, lines 65-66); yet his preferred embodiment is illustrative but not 
restrictive, and variations as to the specifics of how his invention is implemented are 
permitted (col. 13, lines 23-30). In that vein, those of ordinary skill in the art would have 
known that other programming languages predating the object-oriented programming 
phenomenon nevertheless allowed for data objects and methods to manipulate them; 
perhaps the most well known example is found in the C programming language, with its 
use of "structs" as illustrated by GBDirect (the entire article, particularly inter alia its 
discussion on using structures and functions to manipulate said structures to implement 
such well-known data objects as linked lists and trees). 1 It would have been obvious to 
use C - or any other non-object-oriented programming language - as the basis for the 
software in the Gong invention in lieu of Java as Gong preferably discloses, as the 
substitution of one well-known programming language for another would have yielded 
predictable results to one of ordinary skill in the art at the time of the invention. 

Examiner takes Official Notice that the C programming language can be used to 
implement remote code in much the same manner as the Java language used in 
Gong's preferred embodiment (see the Marshall reference for support). 



1 Examiner notes that an object-oriented class, such as found in C++, is a superset of the struct data type 
from C (see Sebesta, page 423, "10.5.4.1 Encapsulation"; and Barr, page 146, 2nd last paragraph). 



Application/Control Number: 10/769,594 Page 8 

Art Unit: 2435 

Regarding claims 2, 13, and 18: 

Gong further discloses wherein said relationship is user-definable (col. 8, lines 
45-63, noting that the ability for a user to set permissions on at least one's home 
directory and the contents therein was known in the art). 

Regarding claims 3, 14, and 19: 

Gong further discloses wherein said portions of code are domains and each of 
said types of protections is defined in part by at least one or more domain attributes 
(col. 9, lines 40-55). 

Regarding claims 4 and 20: 

Gong further discloses wherein said one or more domain attributes includes a 
domain identifier that specifies a unique value for a particular domain (col. 9, lines 5-20). 

Regarding claims 5 and 21 : 

Gong further discloses wherein said one or more domain attributes includes a 
Private Key that specifies a unique value that a particular domain must use for 
protecting each user that concurrently uses a particular domain (col. 9, lines 5-37). 
Regarding claims 6 and 22: 

Gong further discloses wherein said one or more domain attributes includes a 
SharedCode Key that specifies a value that a particular domain must use to access 
code associated with another domain (col. 9, lines 25-37). 
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Regarding claims 7 and 23: 

Gong further discloses wherein said one or more domain attributes includes a 

SharedData Key that specifies a value that a particular domain must use to access data 

associated with another domain (Ibid). 

Regarding claims 8 and 24: 

Gong further discloses wherein said one or more domain attributes includes a 
AllowOthers Key that specifies a value that a particular domain must use to access 
code associated with another domain in conjunction with said particular domain 
performing cross-domain switching to said other domain (col. 9, lines 25-37; col. 10, 
lines 27-40). 

Regarding claims 9 and 25: 

Gong further discloses wherein said one or more domain attributes includes a 
AccessOthers Key that specifies a value that a particular domain must use to request 
access of code associated with a particular domain on behalf of another domain (col. 9, 
lines 25-37; col. 10, lines 1-17). 
Regarding claim 26: 

Gong further discloses wherein said second portion of code is allowed to access 
said first portion of code after a third portion of code accesses said second portion of 
code and wherein said third portion of code is not required to access said first portion of 
code (col. 11, lines 40-67). 
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Regarding claims 10 and 15: 

Gong discloses a method and computer system for providing flexible protection 
by decoupling protection from privilege, comprising: detecting a request from a first 
portion of code to access a second portion of code, wherein said first and second 
portions of code are executed in a same privilege level of said computer system (col. 9, 
lines 54-67; col. 1 1 , lines 40-65); determining whether said first portion of code is 
allowed to access said second portion of code based on information describing two or 
more types of protection and also based on information describing a relationship 
between said two or more types of protection, wherein said relationship is not required 
to be linear (col. 8, line 40 - col. 9, line 37); if said relationship specifies that said first 
portion of code may access said second portion of code, then allowing said first portion 
of code to access said second portion of code (col. 12, lines 54-67); else not allowing 
said first portion of code to access said second portion of code (Ibid). Per claim 15, 
Gong further discloses a memory unit and processor (col. 4, lines 25-45). 

Gong's disclosure is limited to explicitly discussing the preferred embodiment 
wherein all the pertinent software is implemented as Java objects, Java being a well- 
known object-oriented programming language with classes (col. 6, line 45 - col. 7, line 
60). However, Gong merely assumes that the object oriented requirement is true (Ibid, 
particularly col. 6, lines 65-66); yet his preferred embodiment is illustrative but not 
restrictive, and variations as to the specifics of how his invention is implemented are 
permitted (col. 13, lines 23-30). In that vein, those of ordinary skill in the art would have 
known that other programming languages predating the object-oriented programming 
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phenomenon nevertheless allowed for data objects and methods to manipulate them; 
perhaps the most well known example is found in the C programming language, with its 
use of "structs" as illustrated by GBDirect (the entire article, particularly inter alia its 
discussion on using structures and functions to manipulate said structures to implement 
such well-known data objects as linked lists and trees). It would have been obvious to 
use C - or any other non-object-oriented programming language - as the basis for the 
software in the Gong invention in lieu of Java as Gong preferably discloses, as the 
substitution of one well-known programming language for another would have yielded 
predictable results to one of ordinary skill in the art at the time of the invention. 

Examiner takes Official Notice that the C programming language can be used to 
implement remote code in much the same manner as the Java language used in 
Gong's preferred embodiment (see the Marshall reference for support). 

Regarding claims 1 1 and 16: 

Gong further discloses wherein said information describing said two or more 
types of protection and said information describing said relationships are associated 
with said portions of code and wherein the method further comprises retrieving said 
information describing said two or more types of protection and said information 
describing said relationships (col. 12, lines 10-40). 
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Conclusion 

8. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas Gyorfi whose telephone number is (571)272- 
3849. The examiner can normally be reached on 10:00am - 6:30pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571 ) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



TAG 
5/13/11 

/HOSUK SONG/ 

Primary Examiner, Art Unit 2435 



